Step 11: Establish the security baseline

Many of your company’s contracts require cleared personnel and access to classified information.

Having a good and successful security program equals good business for your program and the company’s reputation. You are a critical element of your programs security posture by setting a good security example for your team.

As with all support functions, there are security compliance requirements that are contractually binding.  Your security department can help you find the balance between your requirements and the security compliance requirements. Successful customer security inspections of your program and the company, along with full compliance with security requirements and minimal security incidents, will ensure high customer satisfaction and repeat business.

The details of the security requirements for your contract are most often spelled out in a DD-254 (Contract Security Classification Specification), the statement of work (SOW), Section H, J, or some other part of the contract depending on the customer.  To try and explain all the variations from our customers here would be nearly impossible, therefore we have identified a few things for you to think about and address as you begin your project planning.

  • Involve security early – preferably in the capture and proposal process.  It is easier to tailor a security program and support if it’s resourced and written into the proposal.
  • Security can be a direct charge.
  • Security costs should be part of your program plan.  Need a safe? Lock replaced? Access control system? Alarms?  Classified IT system?  Facility?
  • Clearance processing times can vary from a few days to months and is a function of the clearances required, who you hire for the team, and the customer. Your understanding of the customer specific timelines will help you plan your program schedule, budget and ability to deliver your services or products.
  • Clearances are contract specific. If a person does not need a clearance to work on a contract they are not authorized to have one.
  • Clearances or accesses are not always transferrable between contracts, customers, or companies in the case of a new hire.
  • Facilities and IT systems needed to process classified information may have to be designed, built and approved before you can perform the work.  Of course you may be able to take existing facilities and IT systems and convert them, but this is not always the case.  The costs of setting these up may or may not be reimbursable under the contract.
  • Contracts are issued to legal entities, not the Groups.  If you wish to use other company legal entities on a project, unless they are specified in the contract, for security purposes you must treat them like a subcontractor. Many companies use Inter-organization Work Agreements as the subcontracting mechanism.
  • Security works with Recruiting and Human Resources to ensure candidate employees are screened and clearance processing starts during the on-boarding process.  Your action is to provide security with the essential information such as level of access required, a written justification and the contract number. So, no contract number – no clearance. Clearances are tied directly to a contract.
  • You may not submit clearance requests to a customer until a signed offer letter is on record with your company. You can, however, initiate all the paper work and have it ready.
  • You cannot do a company required background check until you receive a signed consumer authorization release from the perspective employee. Normally an offer letter will not be issued until the company background check is completed.

The bottom line is your company security department is part of your team.  Talk to them often!

– Mike Lisagor


Interested in any of these federal business opportunities?

GovFlex is the e-Commerce Marketplace 100% dedicated to connecting agencies and contractors with the best independent talent through a streamlined, web-based eProcurement platform.